Logging requests matching a rule

You can specify that logging should or should not occur for a specific rule. This can effectively reduce logging load, and it can be useful if a large amount of data is being logged from a specific protocol or source. For example, if you have a rule that denies DHCP requests and the log is filling up with many denied requests, you can disable logging for that rule. Note that each access rule is created with logging enabled by default.

  1. In the Forefront TMG Management console tree, click Firewall Policy
  2. In the details pane, click the rule for which logging should be enabled.
  3. On the Tasks tab, click Edit Selected Rule.
  4. On the Action tab, do the following:
    • To log traffic handled by the rule, click Log requests matching this rule.
    • To specify that traffic handled by the rule should not be logged, clear Log requests matching this rule.
If you disable logging on the default deny rule, Forefront TMG cannot detect port scan attacks.